Image:OWASPSanAntonio 2006 05 ForcefulBrowsing Content.pdf
OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf (file size: 59 KB, MIME type: application/pdf)
Through forceful browsing, clients may be able to access pages that should be forbidden to them. A technique for preventing forceful browsing is introduced. With this technique, you may be assured that clients may only visit pages for which links have been presented.
Granularity may be adjusted for an entire page, as well as for specific page parameters. For example, you may prevent a user from deleting customers altogether, or you may permit a user to delete customer #1, but not customer #2. In addition, a notification system can alert you when users attempt forceful browsing.
The implementation will be presented using PHP.
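One way to realize the idea described above, as an added example that is not taken from the presentation: every link rendered for a client is recorded in that client's session, and a request is served only if it matches a recorded link, either for the whole page or pinned to exact parameters. The class name, method names, paths and the alert callback are assumptions.

```php
<?php
// Added example, not the presentation's code. All names are hypothetical.
final class LinkRegistry
{
    private array $store;   // per-session storage (bind to $_SESSION in a web app)
    private $notify;        // callable(string $path, array $query): void
    public function __construct(array &$store, callable $notify)
    {
        $this->store = &$store;
        $this->store += ['issued' => []];
        $this->notify = $notify;
    }

    // null params = whole-page grant; array = grant pinned to exact parameters.
    private static function key(string $path, ?array $params): string
    {
        if ($params === null) return $path;
        ksort($params);                       // parameter order must not matter
        return $path . '?' . http_build_query($params);
    }

    // Call while rendering a page: records the link and returns the href.
    public function link(string $path, array $params = [], bool $pin = true): string
    {
        $this->store['issued'][self::key($path, $pin ? $params : null)] = true;
        return $path . ($params ? '?' . http_build_query($params) : '');
    }

    // Call before dispatching a request: unknown targets are reported and refused.
    public function allowed(string $path, array $query): bool
    {
        $issued = $this->store['issued'];
        $ok = isset($issued[$path]) || isset($issued[self::key($path, $query)]);
        if (!$ok) ($this->notify)($path, $query);
        return $ok;
    }
}

// Constructed demo: $session stands in for $_SESSION, $alerts for an alert channel.
$session = [];
$alerts = [];
$reg = new LinkRegistry($session, function (string $path, array $query) use (&$alerts) {
    $alerts[] = 'forceful browsing: ' . $path . ' ' . json_encode($query);
});
$reg->link('/customer/delete.php', ['id' => 1]);   // only customer #1 is offered
var_dump($reg->allowed('/customer/delete.php', ['id' => '1']));
var_dump($reg->allowed('/customer/delete.php', ['id' => '2']));
print_r($alerts);
```

In a front controller, call `allowed()` with `parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)` and `$_GET` before dispatching, and answer 403 when it returns false.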
File history
| | Date/Time | Dimensions | User | Comment |
|---|---|---|---|---|
| current | 13:25, 10 July 2006 | (59 KB) | Dancornell | Category:OWASP Presentations |

